DHS and NIST to Collaborate, 5/22/03.

DHS and NIST to Collaborate

May 22, 2003. Department of Homeland Security's (DHS) Science and Technology Directorate and the Department of Commerce's (DOC) Technology Administration (TA), which includes the National Institute of Standards and Technology (NIST), entered into a Memorandum of Understanding (MOU) [2 pages in MS Word] which states that "the Directorate and TA seek to collaborate on research and planning activities, and share where appropriate facilities, personnel, and scientific information".

The MOU was signed by Phil Bond (at right), the Under Secretary of Commerce for Technology, and Charles McQueary, the head of the DHS's Science and Technology Directorate. Bond stated in a DHS release that "this MOU allows the Department to play a significant and useful research and technology development role in supporting the DHS mission".

This DHS release also states that "The MOU develops a formal working relationship with the DHS Science and Technology Directorate and the TA's National Institute of Standards and Technology (NIST). NIST is also working to develop ``interoperability´´ standards for first responders and is doing work on cybersecurity ..."

The DHS published a copy of this short MOU in its web site in MS Word format. Moreover, the DHS published a version, which, when displayed in the "markup view", reveals additions and deletions to the text of the document. Hence, the DHS published to the public earlier drafts of this MOU.

An earlier draft, which was significantly longer, provided details on the specific areas where the TA and DHS would collaborate. The final draft removed all of these specifics, and left only the broad principle that the two entities will collaborate.

One paragraph that was in an earlier draft, but deleted from the final draft, pertained to collaboration on cyber security.

This deleted paragraph provided that "The Directorate has an interest in the evaluation of measurement methods used in security technologies. Through a linkage with NIST, the Directorate can deliver physical standards to its customers that improve assurance of security system performance. In addition, NIST has a long history of providing information technology (IT) best practices and guidelines. NIST also has a legislative mandate to provide Federal Information Processing Standards (FIPS) for the Federal government, many of which are adopted by private industry and focused on cybersecurity. Through a linkage with the Directorate, NIST can improve its understanding of homeland security requirements for measurement science and standards support while augmenting the science and engineering infrastructure of its own laboratories. Indeed, closer integration of reinforcing activities is entirely consistent with the missions and long-range goals of both agencies."

Michael Newman, spokesman for the NIST, told Tech Law Journal that an earlier draft of the MOU listed specific areas of collaboration, but that the final draft did not, because the agencies did not want to "lock it in cement". The agencies did not want to exclude other areas of possible collaboration in the future.

He added that the NIST's Computer Security Division (CSD) has already detailed one computer security expert, Richard Kissel, to work at the DHS.

When the Bush administration originally proposed creating the new DHS in the summer of 2002, it proposed moving the NIST's Computer Security Division to the new DHS. See, HR 5005 (107th Congress), as introduced on June 24, 2002, at Section 202, paragraph (4).

Some technology companies, groups that represent them, and technophiles in Congress, objected to moving the CSD. They argued that the DHS would have a law enforcement and national security focus that is inconsistent with the standards setting process. For example, the CSD deals with encryption standards, and law enforcement authorities and national security agencies have a history of opposing widespread use of strong encryption products by the private sector.

Moreover, the draft MOU specifically provided for "technical collaboration, technical review of each others work" in the area of "encryption standards".

The draft MOU provided that "The following list describes a few areas of technical interest to the Directorate where NIST has significant expertise. This list is not intended to be exhaustive. Accordingly, it is likely that additional areas will be appropriate for future interactions. The Directorate and NIST may carry out these and other shared objectives through joint technical collaboration, technical review of each other’s work, joint publications, and such other mechanisms as may be mutually agreeable. ... Cybersecurity such as encryption standards and cryptography."

In the summer of 2002, the administration lost on this issue, and the CSD remained at the NIST.

See, story titled "Rep. Goodlatte and Clark Debate Moving CSD to DHS" in TLJ Daily E-Mail Alert No. 472, July 18, 2002. See also, July 17, 2002, letter from Rep. Bob Goodlatte (R-VA), Rep. Rick Boucher (D-VA), and other Representatives, to former Speaker Dick Armey (R-TX) opposing moving the CSD to the DHS. See also, stories titled "Key Provisions of the Select Committee Version of the Homeland Security Act" and "House Select Committee Approves Homeland Security Act" in TLJ Daily E-Mail Alert No. 474, July 22, 2002.